The .co.cc second-level domain (SLD) is a bulk domain registration service and had become a favorite for cyber criminals to host their scareware and phishing pages.

Security researchers have not endorsed Google’s decision because the measure does not prevent the abuse and probably hurts more legit domain owners than cyber criminals. On top of that, security researchers from Kaspersky said cyber criminals are dropping .co.cc in favor of alternative SDLs like co.cz, uni.cc, and bz.cm.

“Google’s actions may not have been very beneficial. On the one hand, they have removed a huge amount of malicious resources from their resource. On the other hand, they have forced out a lot of legitimate websites,” said Kaspersky Lab expert Eugene Aseev.

“Moreover, as there are many services like co.cc, the cyber criminals will quickly switch over to another service, making the blocking of just one zone completely pointless,” he said.

Having malicious domains spread across more SDLs instead of just one doesn’t only make it harder for Google to block them, but also for network administrators who might have prevented access to .co.cc domains from their networks.

Blocking complete access to the domains is much more efficient than removing them from search results, because in most cases the malicious .co.cc domains end up being landing pages or second and third level redirects. This means they didn’t appear in search results in the first place.